javascript python java c# php android html jquery c++ css ios mysql sql r node.js arrays reactjs c asp.net json ruby-on-rails .net sql-server swift python-3.x objective-c django angular angularjs excel regex pandas ruby iphone ajax linux xml vba asp.net-mvc spring laravel database wordpress typescript string wpf mongodb windows xcode postgresql bash oracle git vb.net amazon-web-services multithreading list firebase flutter eclipse spring-boot dataframe azure react-native algorithm docker macos forms image visual-studio scala powershell function twitter-bootstrap numpy api performance selenium winforms python-2.7 matlab vue.js sqlite apache hibernate entity-framework loops rest shell facebook express android-studio csv linq maven qt swing unit-testing file tensorflow

[ACCEPTED]-Is there a difference between ECDH and ECDSA keys?-elliptic-curve

Accepted answer
Score: 35

ECDSA and ECDH are from distinct standards 47 (ANSI X9.62 and X9.63, respectively), and 46 used in distinct contexts. X9.63 explicitly 45 reuses elements from X9.62, including the 44 standard representation of public keys (e.g. in 43 X.509 certificates). Hence, ECDSA and ECDH 42 key pairs are largely interchangeable. Whether 41 a given implementation will permit such 40 exchange, however, is an open question. Historically, (EC)DSA 39 and (EC)DH come from distinct worlds.

Note, though, that 38 usage contexts are quite distinct. There 37 is a bit more to cryptography than computations 36 on elliptic curves; the "key lifecycle" must 35 be taken into account. In plain words, you 34 do not want to manage key agreement keys 33 and signature keys with the same procedures. For 32 instance, if you lose your key agreement 31 key (your dog eats your smartcard -- do 30 not laugh, it really happens), then you 29 can no longer decrypt data which was encrypted 28 relatively to that key (e.g. encrypted emails 27 sent to you, and stored in encrypted format). From 26 a business point of view, the loss of a 25 key can also be the loss of an employee 24 (the employee was fired, and was struck 23 by a bus, or retired, or whatever). Hence, encryption 22 keys (including key agreement keys) must 21 often be escrowed (for instance, a copy 20 of the private key is printed and stored 19 in a safe). On the other hand, loss of a 18 signature key implies no data loss; previously 17 issued signatures can still be verified; recovering 16 from such a loss is as simple as creating 15 a new key pair. However, the existence of 14 an escrow system tends to automatically 13 strip signatures of any legal value that 12 could be attached to them.

Also, on a more 11 general basis, I would strongly advise against 10 using the same private key in two distinct 9 algorithms: interactions between algorithms 8 have not been fully explored (simply studying 7 one algorithm is already hard work). For 6 instance, what happens if someone begins 5 to feed your ECDH-based protocol with curve 4 points extracted from ECDSA signatures which 3 you computed with the same private key ?

So 2 you really should not reuse the same key 1 for ECDH and ECDSA.

Source: stackoverflow.com

More Related questions

Generating the CSR using BouncyCastle API

.NET implementation (libraries) of elliptic curve cryptography

Creating an ECC Private/Public key with native C#

Algorithm for elliptic curve point compression

disable weak ciphers in SSL connection

Is there a standardized fixed-length encoding for EC public keys?

Elliptic curve point addition over a finite field in Python

How to encrypt and decrypt data in Android using the elliptic curve key pair of type secp256r1?

How do I obtain the public key from an ECDSA private key in OpenSSL?

Convert a PKCS#8 private key to PEM in java